Kerberos Constrained Delegation For Access To A Single Application Pool
- From: seangoogle@xxxxxxxxxxx
- Date: 22 Apr 2006 12:23:19 -0700
Is there some way to configure a service account used to run an ASP.NET
application pool to delegate identity only to specific virtual
directories or application pools on a remote server?
the HTTP service on a web service. This is insufficient for ourFrom what I've read, I've only ever seen constaining delegation down to
scenarios because we have many applications that run in various farms
and want to control access between specific applications.
For example:
- 2 Web Servers
- Server 1 Has Web Services: A & B
- Server 2 Has Web Services: C & D
- Web Service A should be able to delegate identity to web service C,
but not D
- Web Service B should be able to delegate identity to web service D,
but not C
- A & B Can Run as separate service accounts
How do I restrict access from the various service accounts to only
specific virtual directories or application pools on a server?
Possible?
Thanks!
.
- Follow-Ups:
- Prev by Date: Re: Non-Administrator users Can't do LDAP bind to AD
- Next by Date: active directory users logged in time
- Previous by thread: Access is Denied on domain admin console login
- Next by thread: Re: Kerberos Constrained Delegation For Access To A Single Application Pool
- Index(es):
Relevant Pages
|
